Lucene search
K

77 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-361 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

Summary The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...

9.2CVSS6AI score0.00329EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.6 views

SUSE CVE-2026-53208

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 9:18 p.m.23 views

CVE-2026-8720 HMAC-BLAKE2 final discards message when key length exceeds block size

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

5.9CVSS0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 8:39 a.m.4 views

EUVD-2026-39299

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...

5.8AI score0.00122EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:39 a.m.9 views

CVE-2026-53208

The CVE-2026-53208 entry concerns the Linux kernel Bluetooth subsystem: BR/EDR signaling packets are not enforcing MTUsig, allowing a remote BR/EDR peer within radio range (before pairing) to send a single 681-byte signaling packet containing multiple L2CAP_ECHO_REQ commands, which can trigger 16...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52304

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth L2CAP implementation where the l2cap sig channel function in net/bluetooth/l2cap core.c accepts BR/EDR signaling packets up to the channel MTU without...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:2 p.m.9 views

CVE-2026-47741

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 1:53 p.m.6 views

CVE-2026-31448

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if inserting a new extent into the extent tree fails in this example, because the file system disabled th...

5.7AI score0.00433EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.3 views

CVE-2025-47384

Transient DOS when MAC configures config id greater than supported maximum value...

6.5CVSS5.9AI score0.00105EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/24 12:38 a.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.9CVSS5.6AI score0.00181EPSS
Exploits0References2
NVD
NVD
added 2026/01/12 11:15 p.m.3 views

CVE-2026-22801

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...

7.8CVSS0.00114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/25 8:37 p.m.7 views

CVE-2025-65015

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS6.8AI score0.00329EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2025/11/20 12:22 a.m.5 views

SUSE CVE-2025-65015

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS6.6AI score0.00329EPSS
Exploits1References3
NVD
NVD
added 2025/11/18 11:15 p.m.13 views

CVE-2025-65015

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS0.00329EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/11/18 11:7 p.m.14 views

CVE-2025-65015 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS0.00329EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/11/18 11:7 p.m.5 views

CVE-2025-65015 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS6.5AI score0.00329EPSS
Exploits1References5
CVE
CVE
added 2025/11/18 11:7 p.m.22 views

CVE-2025-65015

The CVE-2025-65015 issue affects the Python library joserfc (JOSE). Versions 1.3.3–1.3.5 and 1.4.0–1.4.2 embed ExceededSizeError messages with fully loaded JWT payloads, which may cause a misconfigured or fronted production web server to allow arbitrarily large bearer tokens to be logged in full ...

9.2CVSS6.5AI score0.00329EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/11/18 11:7 p.m.6 views

CVE-2025-65015 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS6.7AI score0.00329EPSS
Exploits1References7
OSV
OSV
added 2025/11/18 6:26 p.m.12 views

GHSA-FRFH-8V73-GJG4 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

Summary The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...

9.2CVSS6AI score0.00329EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2025/11/18 6:26 p.m.10 views

joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

Summary The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...

9.2CVSS7.1AI score0.00329EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder